diff --git a/charts/jarvis-project/templates/Job-project.yaml b/charts/jarvis-project/templates/Job-project.yaml index 08964921..b0e05089 100644 --- a/charts/jarvis-project/templates/Job-project.yaml +++ b/charts/jarvis-project/templates/Job-project.yaml @@ -51,16 +51,19 @@ spec: - -cex - | # Create gerrit repo - ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \ - -p 29418 \ - -i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" \ - gerrit ls-projects -r "^$JARVIS_PROJECT_NAME\$" | grep -q "^${JARVIS_PROJECT_NAME}\$" \ - && - ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \ - -p 29418 \ - -i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" \ - gerrit set-project-parent \ - {{ if eq $.Values.config.ci.verify true }} --parent Verified-Label-Projects {{ else }} --parent Non-Verified-Label-Projects {{ end }} \ + ( \ + ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \ + -p 29418 \ + -i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" \ + gerrit ls-projects -r "^$JARVIS_PROJECT_NAME\$" | grep -q "^${JARVIS_PROJECT_NAME}\$" \ + && + ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \ + -p 29418 \ + -i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" \ + gerrit set-project-parent \ + {{ if eq $.Values.config.ci.verify true }} --parent Verified-Label-Projects {{ else }} --parent Non-Verified-Label-Projects {{ end }} \ + --children-of Non-Verified-Label-Projects \ + ) \ || \ ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \ -p 29418 \ diff --git a/charts/jarvis-system/templates/EventListener-system.yaml b/charts/jarvis-system/templates/EventListener-system.yaml index e7d20e18..df3aabe1 100644 --- a/charts/jarvis-system/templates/EventListener-system.yaml +++ b/charts/jarvis-system/templates/EventListener-system.yaml 
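Review bot: The added `--children-of Non-Verified-Label-Projects` on `gerrit set-project-parent` selects every child of that parent rather than `$JARVIS_PROJECT_NAME`, so a single project with `config.ci.verify` true would appear to move all of its siblings under Verified-Label-Projects and change the access rules they inherit. If only this project is meant to move, name it instead: `--parent Verified-Label-Projects "${JARVIS_PROJECT_NAME}"`. The new `( … )` grouping does not change evaluation, since `a && b || c` already groups that way, so a failing set-project-parent still falls through to the command after `||`, which lies outside this hunk.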
@@ -7,6 +7,7 @@ metadata: spec: serviceAccountName: {{ template "helpers.labels.fullname" . }}-el triggers: + # Gating Pipeline - name: jarvis-create interceptors: - cel: @@ -36,6 +37,37 @@ spec: - ref: {{ template "helpers.labels.fullname" . }}-createresult template: ref: {{ template "helpers.labels.fullname" . }}-createfailure + + # Integration Pipeline + - name: jarvis-merge + interceptors: + - cel: + filter: >- + header.match('X-Jarvis', 'merge') + bindings: + - ref: {{ template "helpers.labels.fullname" . }}-merge + template: + ref: {{ template "helpers.labels.fullname" . }}-merge + - name: jarvis-merge-success + interceptors: + - cel: + filter: >- + header.match('Ce-Type', 'dev.tekton.event.pipelinerun.successful.v1') && + body.pipelineRun.metadata.labels['triggers.tekton.dev/trigger'] == 'jarvis-merge' + bindings: + - ref: {{ template "helpers.labels.fullname" . }}-mergeresult + template: + ref: {{ template "helpers.labels.fullname" . }}-mergesuccess + - name: jarvis-merge-failure + interceptors: + - cel: + filter: >- + header.match('Ce-Type', 'dev.tekton.event.pipelinerun.failed.v1') && + body.pipelineRun.metadata.labels['triggers.tekton.dev/trigger'] == 'jarvis-merge' + bindings: + - ref: {{ template "helpers.labels.fullname" . }}-mergeresult + template: + ref: {{ template "helpers.labels.fullname" . }}-mergefailure ... {{- end -}} {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "EventListener-system" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/Pipeline-create.yaml b/charts/jarvis-system/templates/Pipeline-create.yaml index e603b841..c716e47b 100644 --- a/charts/jarvis-system/templates/Pipeline-create.yaml +++ b/charts/jarvis-system/templates/Pipeline-create.yaml 
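Review bot: The `jarvis-merge` trigger is gated only by `header.match('X-Jarvis', 'merge')`, a value any client that can reach the listener can send, and the two result triggers trust `Ce-Type` plus a label read from the request body. Because the merge-success path in this commit ends in a Gerrit submit, the listener should authenticate the sender before binding `body.*` values, for example with an interceptor that checks a shared secret or signature, and with network access to the listener limited to Gerrit and the Tekton controller. At minimum, a comment above `- name: jarvis-merge` should state which component is expected to send this header.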
@@ -40,9 +40,11 @@ spec: value: $(params.changeNumber) - name: patchSetNumber value: $(params.patchSetNumber) + - name: pipeline + value: "create" workspaces: - name: output workspace: output ... {{- end -}} -{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Pipeline-create" ) }} \ No newline at end of file +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Pipeline-create" ) }} diff --git a/charts/jarvis-system/templates/Pipeline-merge.yaml b/charts/jarvis-system/templates/Pipeline-merge.yaml new file mode 100644 index 00000000..2a714ca6 --- /dev/null +++ b/charts/jarvis-system/templates/Pipeline-merge.yaml @@ -0,0 +1,36 @@ +{{- define "Pipeline-merge" -}} +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: {{ template "helpers.labels.fullname" . }}-merge +spec: + params: + - name: repoRoot + - name: project + - name: changeNumber + - name: patchSetNumber + - name: checkerUUID + workspaces: + - name: output + tasks: + - name: createprojectaccess + taskRef: + name: {{ template "helpers.labels.fullname" . }}-createprojectaccess + params: + - name: repoRoot + value: $(params.repoRoot) + - name: project + value: $(params.project) + - name: changeNumber + value: $(params.changeNumber) + - name: patchSetNumber + value: $(params.patchSetNumber) + - name: pipeline + value: "merge" + workspaces: + - name: output + workspace: output +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Pipeline-merge" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/Pipeline-mergeFailure.yaml b/charts/jarvis-system/templates/Pipeline-mergeFailure.yaml new file mode 100644 index 00000000..2997f092 --- /dev/null +++ b/charts/jarvis-system/templates/Pipeline-mergeFailure.yaml 
@@ -0,0 +1,40 @@
+{{- define "Pipeline-mergeFailure" -}}
+---
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: {{ template "helpers.labels.fullname" . }}-mergefailure
+spec:
+ params:
+ - name: repoRoot
+ - name: project
+ - name: changeNumber
+ - name: patchSetNumber
+ - name: checkerUUID
+ - name: pipelineName
+ - name: pipelineRunName
+ - name: pipelineRunNamespace
+ tasks:
+ - name: mergefailure
+ taskRef:
+ name: {{ template "helpers.labels.fullname" . }}-mergefailure
+ params:
+ - name: repoRoot
+ value: $(params.repoRoot)
+ - name: project
+ value: $(params.project)
+ - name: changeNumber
+ value: $(params.changeNumber)
+ - name: patchSetNumber
+ value: $(params.patchSetNumber)
+ - name: checkerUUID
+ value: $(params.checkerUUID)
+ - name: pipelineName
+ value: $(params.pipelineName)
+ - name: pipelineRunName
+ value: $(params.pipelineRunName)
+ - name: pipelineRunNamespace
+ value: $(params.pipelineRunNamespace)
+...
+{{- end -}}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Pipeline-mergeFailure" ) }}
\ No newline at end of file
diff --git a/charts/jarvis-system/templates/Pipeline-mergeSuccess.yaml b/charts/jarvis-system/templates/Pipeline-mergeSuccess.yaml
new file mode 100644
index 00000000..6989f6e4
--- /dev/null
+++ b/charts/jarvis-system/templates/Pipeline-mergeSuccess.yaml
@@ -0,0 +1,40 @@ +{{- define "Pipeline-mergeSuccess" -}} +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: {{ template "helpers.labels.fullname" . }}-mergesuccess +spec: + params: + - name: repoRoot + - name: project + - name: changeNumber + - name: patchSetNumber + - name: checkerUUID + - name: pipelineName + - name: pipelineRunName + - name: pipelineRunNamespace + tasks: + - name: mergesuccess + taskRef: + name: {{ template "helpers.labels.fullname" . }}-mergesuccess + params: + - name: repoRoot + value: $(params.repoRoot) + - name: project + value: $(params.project) + - name: changeNumber + value: $(params.changeNumber) + - name: patchSetNumber + value: $(params.patchSetNumber) + - name: checkerUUID + value: $(params.checkerUUID) + - name: pipelineName + value: $(params.pipelineName) + - name: pipelineRunName + value: $(params.pipelineRunName) + - name: pipelineRunNamespace + value: $(params.pipelineRunNamespace) +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Pipeline-mergeSuccess" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/Task-createProjectAccess.yaml b/charts/jarvis-system/templates/Task-createProjectAccess.yaml index 52d51429..1bd2b67f 100644 --- a/charts/jarvis-system/templates/Task-createProjectAccess.yaml +++ b/charts/jarvis-system/templates/Task-createProjectAccess.yaml @@ -10,6 +10,7 @@ spec: - name: project - name: changeNumber - name: patchSetNumber + - name: pipeline workspaces: - name: output description: The git repo will be cloned onto the volume backing this workspace @@ -231,8 +232,7 @@ spec: kubectl create \ -n jarvis-$(params.changeNumber)-$(params.patchSetNumber) \ - -f "$(workspaces.output.path)"/jarvis/development-pipeline/pipelinerun-validation.yaml - + -f "$(workspaces.output.path)"/jarvis/development-pipeline/pipelinerun-$(params.pipeline).yaml # Default wait timeout is 1000 seconds end=$(date +%s) timeout=${3:-3000} 
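Review bot: `$(params.pipeline)` is substituted into the script text by Tekton before the shell runs and sits outside the quoted part of the `-f` path, so the Task relies on every caller passing a safe value. The two Pipelines in this commit pass the literals `create` and `merge`, but the Task itself does not enforce that. Consider exposing the parameter to the step through `env` (for example a `PIPELINE` variable) and using `"$(workspaces.output.path)/jarvis/development-pipeline/pipelinerun-${PIPELINE}.yaml"`, after checking the variable is one of the two expected names. The removed blank line also leaves the `# Default wait timeout` comment directly under the kubectl command; the script continues outside this hunk.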
diff --git a/charts/jarvis-system/templates/Task-createRegisterScheduled.yaml b/charts/jarvis-system/templates/Task-createRegisterScheduled.yaml index 2771ff18..aa5cdcea 100644 --- a/charts/jarvis-system/templates/Task-createRegisterScheduled.yaml +++ b/charts/jarvis-system/templates/Task-createRegisterScheduled.yaml @@ -30,7 +30,6 @@ spec: script: | #!/bin/sh set -eu -o pipefail -x - curl \ --netrc-file /run/jarvis/gerrit-netrc \ --fail \ @@ -46,7 +45,6 @@ spec: "message": "Jarvis has started to process the run for change #$(params.changeNumber) ps #$(params.patchSetNumber) to the $(params.project) repo" } EOF - curl \ --netrc-file /run/jarvis/gerrit-netrc \ --fail \ @@ -71,4 +69,4 @@ spec: path: gerrit-netrc ... {{- end -}} -{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createRegisterScheduled" ) }} \ No newline at end of file +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createRegisterScheduled" ) }} diff --git a/charts/jarvis-system/templates/Task-mergeFailure.yaml b/charts/jarvis-system/templates/Task-mergeFailure.yaml new file mode 100644 index 00000000..9a63e867 --- /dev/null +++ b/charts/jarvis-system/templates/Task-mergeFailure.yaml 
@@ -0,0 +1,111 @@ +{{- define "Task-mergeFailure" -}} +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: {{ template "helpers.labels.fullname" . }}-mergefailure +spec: + params: + - name: repoRoot + - name: project + - name: changeNumber + - name: patchSetNumber + - name: checkerUUID + - name: pipelineName + - name: pipelineRunName + - name: pipelineRunNamespace + steps: + - name: mergefailure + image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "task_results" ) }} + volumeMounts: + - name: gerrit-netrc + mountPath: /run/jarvis/gerrit-netrc + subPath: gerrit-netrc + script: | + #!/bin/bash + set -eu -o pipefail -x + + # Get project information from Harbor + PROJECT_INFO=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H "accept: application/json") + PROJECT_ID=$(echo $PROJECT_INFO | jq -r '.project'[0].'project_id') + + # Get the taskRun uid from the microflow-setup-image pod + TASK_RUN_NAMESPACE="jarvis-$(params.changeNumber)-$(params.patchSetNumber)" + TASK_RUN_DEV_PIPELINE=$(kubectl get taskrun -n "${TASK_RUN_NAMESPACE}" | grep microflow-setup-image | awk '{print $1}') || true + + if [[ -z "$TASK_RUN_DEV_PIPELINE" ]]; then + # Do not append the CVE report link, if there is no 'microflow-setup-image' pod to get the taskRun uid from + REPO_COUNT=0 + else + TASK_RUN_UID=$(kubectl get taskrun -n "${TASK_RUN_NAMESPACE}" "${TASK_RUN_DEV_PIPELINE}" -o jsonpath='{.metadata.uid}') + # For first time run, there may be no repositories, so only check for artifacts if the project has repositories + REPO_COUNT=$(echo $PROJECT_INFO | jq -r '.project'[0].'repo_count') + fi + + MESSAGE="Jarvis failed to process the run for change #$(params.changeNumber) ps #$(params.patchSetNumber) to the $(params.project)" + + if [ $REPO_COUNT -gt 0 ]; then + REPOSITORY_NAME=$(echo $PROJECT_INFO | jq -r '.repository'[0].'repository_name' | awk -F"/" '{print $2}') + # Grabs the SHA256 
of the corresponding artifact based off taskrun uid + SHA256=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H "accept: application/json" | jq -r '.digest') + MESSAGE="${MESSAGE}\n\n----- Image Scan Report -----\nhttps://{{ .Values.params.harbor.dashboard.host }}/harbor/projects/${PROJECT_ID}/repositories/${REPOSITORY_NAME}/artifacts/${SHA256}" + fi + + curl \ + --netrc-file /run/jarvis/gerrit-netrc \ + --fail \ + --insecure \ + -L \ + -H "Content-Type: application/json; charset=UTF-8" \ + $(params.repoRoot)/a/changes/$(params.changeNumber)/revisions/$(params.patchSetNumber)/checks/ \ + --data-binary @- << EOF + { + "checker_uuid": "$(params.checkerUUID)", + "state": "FAILED", + "url": "https://{{ .Values.params.grafana.dashboard.host }}/d/{{ .Values.params.grafana.dashboard.uid }}/{{ .Values.params.grafana.dashboard.title }}?orgId={{ .Values.params.grafana.dashboard.orgid }}&var-namespace=$(params.pipelineRunNamespace)&var-tekton_dev_pipeline=$(params.pipelineName)&var-tekton_dev_pipelineRun=$(params.pipelineRunName)&var-tekton_dev_taskRun=All", + "message": "${MESSAGE}", + "finished": "$(date --utc '+%F %T.%N')" + } + EOF + + curl \ + --netrc-file /run/jarvis/gerrit-netrc \ + --fail \ + --insecure \ + -L \ + -H "Content-Type: application/json; charset=UTF-8" \ + $(params.repoRoot)/a/changes/$(params.changeNumber)/revisions/$(params.patchSetNumber)/review/ \ + --data-binary @- << EOF + { + "labels": { + "Verified": "-1" + } + } + EOF + + curl \ + --netrc-file /run/jarvis/gerrit-netrc \ + --fail \ + --insecure \ + -L \ + -H "Content-Type: application/json; charset=UTF-8" \ + $(params.repoRoot)/a/changes/$(params.changeNumber)/hashtags/ \ + --data-binary @- << EOF + { + "add": [], + "remove": [ + "jarvis-merge" + ] + } + EOF + volumes: + - name: gerrit-netrc + secret: + secretName: {{ template "helpers.labels.fullname" . 
}}-gerrit + defaultMode: 0444 + items: + - key: gerrit-netrc + path: gerrit-netrc +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-mergeFailure" ) }} \ No newline at end of file diff --git a/charts/jarvis-system/templates/Task-mergeSuccess.yaml b/charts/jarvis-system/templates/Task-mergeSuccess.yaml new file mode 100644 index 00000000..fd8c823e --- /dev/null +++ b/charts/jarvis-system/templates/Task-mergeSuccess.yaml @@ -0,0 +1,61 @@ +{{- define "Task-mergeSuccess" -}} +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: {{ template "helpers.labels.fullname" . }}-mergesuccess +spec: + params: + - name: repoRoot + - name: project + - name: changeNumber + - name: patchSetNumber + - name: checkerUUID + - name: pipelineName + - name: pipelineRunName + - name: pipelineRunNamespace + steps: + - name: mergesuccess + image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "task_results" ) }} + volumeMounts: + - name: gerrit-netrc + mountPath: /run/jarvis/gerrit-netrc + subPath: gerrit-netrc + script: | + #!/bin/bash + set -eu -o pipefail -x + + curl \ + -X POST \ + --fail \ + --netrc-file /run/jarvis/gerrit-netrc \ + --insecure \ + -L \ + $(params.repoRoot)/a/changes/$(params.changeNumber)/submit/ + + curl \ + --netrc-file /run/jarvis/gerrit-netrc \ + --fail \ + --insecure \ + -L \ + -H "Content-Type: application/json; charset=UTF-8" \ + $(params.repoRoot)/a/changes/$(params.changeNumber)/hashtags/ \ + --data-binary @- << EOF + { + "add": [], + "remove": [ + "jarvis-merge" + ] + } + EOF + volumes: + - name: gerrit-netrc + secret: + secretName: {{ template "helpers.labels.fullname" . }}-gerrit + defaultMode: 0444 + items: + - key: gerrit-netrc + path: gerrit-netrc +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-mergeSuccess" ) }} \ No newline at end of file 
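Review bot: Every curl call in the new Task-mergeFailure script disables certificate verification (`-k` for Harbor, `--insecure` for Gerrit) while the Gerrit calls also send credentials from `--netrc-file`, so anything able to intercept the connection can read or reuse them. Mount the issuing CA into the step and replace the flag with `--cacert <path-to-ca-bundle>` (placeholder path). Task-mergeSuccess.yaml has the same flags on its submit and hashtags calls. Separately, the secret volume uses `defaultMode: 0444`; `0400` would be enough if the step runs as the file's owner, which is not visible here.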
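Review bot: The submit call in Task-mergeSuccess posts to `/a/changes/$(params.changeNumber)/submit/` and ignores `patchSetNumber`, so it submits whatever patch set is current when the task runs, which may be newer than the one the merge pipeline tested. Gerrit also has a revision-level submit, so the URL could be `$(params.repoRoot)/a/changes/$(params.changeNumber)/revisions/$(params.patchSetNumber)/submit`, which Gerrit should reject when that revision is no longer the current one. `patchSetNumber` is already declared in this Task's params. With `set -e` and `--fail`, a rejected submit also skips the hashtag cleanup below it, leaving `jarvis-merge` on the change.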
diff --git a/charts/jarvis-system/templates/TriggerBinding-merge.yaml b/charts/jarvis-system/templates/TriggerBinding-merge.yaml
new file mode 100644
index 00000000..2a93e422
--- /dev/null
+++ b/charts/jarvis-system/templates/TriggerBinding-merge.yaml
@@ -0,0 +1,21 @@
+{{- define "TriggerBinding-merge" -}}
+---
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerBinding
+metadata:
+ name: {{ template "helpers.labels.fullname" . }}-merge
+spec:
+ params:
+ - name: repoRoot
+ value: $(body.repoRoot)
+ - name: project
+ value: $(body.project)
+ - name: changeNumber
+ value: $(body.changeNumber)
+ - name: patchSetNumber
+ value: $(body.patchSetNumber)
+ - name: checkerUUID
+ value: $(body.checkerUUID)
+...
+{{- end -}}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerBinding-merge" ) }}
\ No newline at end of file
diff --git a/charts/jarvis-system/templates/TriggerBinding-mergeResult.yaml b/charts/jarvis-system/templates/TriggerBinding-mergeResult.yaml
new file mode 100644
index 00000000..8bc0c108
--- /dev/null
+++ b/charts/jarvis-system/templates/TriggerBinding-mergeResult.yaml
@@ -0,0 +1,27 @@
+{{- define "TriggerBinding-mergeResult" -}}
+---
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerBinding
+metadata:
+ name: {{ template "helpers.labels.fullname" . }}-mergeresult
+spec:
+ params:
+ - name: repoRoot
+ value: $(body.pipelineRun.spec.params[?(@.name=='repoRoot')].value)
+ - name: project
+ value: $(body.pipelineRun.spec.params[?(@.name=='project')].value)
+ - name: changeNumber
+ value: $(body.pipelineRun.spec.params[?(@.name=='changeNumber')].value)
+ - name: patchSetNumber
+ value: $(body.pipelineRun.spec.params[?(@.name=='patchSetNumber')].value)
+ - name: checkerUUID
+ value: $(body.pipelineRun.spec.params[?(@.name=='checkerUUID')].value)
+ - name: pipelineName
+ value: $(body.pipelineRun.spec.pipelineRef.name)
+ - name: pipelineRunName
+ value: $(body.pipelineRun.metadata.name)
+ - name: pipelineRunNamespace
+ value: $(body.pipelineRun.metadata.namespace)
+...
+{{- end -}}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerBinding-mergeResult" ) }}
\ No newline at end of file
diff --git a/charts/jarvis-system/templates/TriggerTemplate-merge.yaml b/charts/jarvis-system/templates/TriggerTemplate-merge.yaml
new file mode 100644
index 00000000..b23ac01a
--- /dev/null
+++ b/charts/jarvis-system/templates/TriggerTemplate-merge.yaml
@@ -0,0 +1,39 @@
+{{- define "TriggerTemplate-merge" -}}
+---
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+ name: {{ template "helpers.labels.fullname" . }}-merge
+spec:
+ params:
+ - name: repoRoot
+ - name: project
+ - name: changeNumber
+ - name: patchSetNumber
+ - name: checkerUUID
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1beta1
+ kind: PipelineRun
+ metadata:
+ generateName: {{ template "helpers.labels.fullname" . }}-merge-
+ spec:
+ serviceAccountName: jarvis-system-el
+ pipelineRef:
+ name: {{ template "helpers.labels.fullname" . }}-merge
+ params:
+ - name: repoRoot
+ value: $(tt.params.repoRoot)
+ - name: project
+ value: $(tt.params.project)
+ - name: changeNumber
+ value: $(tt.params.changeNumber)
+ - name: patchSetNumber
+ value: $(tt.params.patchSetNumber)
+ - name: checkerUUID
+ value: $(tt.params.checkerUUID)
+ workspaces:
+ - name: output
+ emptyDir: {}
+...
+{{- end -}}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerTemplate-merge" ) }}
\ No newline at end of file
diff --git a/charts/jarvis-system/templates/TriggerTemplate-mergeFailure.yaml b/charts/jarvis-system/templates/TriggerTemplate-mergeFailure.yaml
new file mode 100644
index 00000000..39822817
--- /dev/null
+++ b/charts/jarvis-system/templates/TriggerTemplate-mergeFailure.yaml
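Review bot: `serviceAccountName: jarvis-system-el` in TriggerTemplate-merge is a literal, while the EventListener in this commit derives its account as `{{ template "helpers.labels.fullname" . }}-el`, so the PipelineRun only finds the account when the release's fullname is `jarvis-system`. It also means the merge PipelineRun executes under the listener's own service account rather than one scoped to what the pipeline needs; whether that is intended is not visible here. Suggest `serviceAccountName: {{ template "helpers.labels.fullname" . }}-el`, or a dedicated account. TriggerTemplate-mergeFailure.yaml and TriggerTemplate-mergeSuccess.yaml carry the same literal.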
@@ -0,0 +1,45 @@
+{{- define "TriggerTemplate-mergeFailure" -}}
+---
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+ name: {{ template "helpers.labels.fullname" . }}-mergefailure
+spec:
+ params:
+ - name: repoRoot
+ - name: project
+ - name: changeNumber
+ - name: patchSetNumber
+ - name: checkerUUID
+ - name: pipelineName
+ - name: pipelineRunName
+ - name: pipelineRunNamespace
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1beta1
+ kind: PipelineRun
+ metadata:
+ generateName: {{ template "helpers.labels.fullname" . }}-mergefailure-
+ spec:
+ serviceAccountName: jarvis-system-el
+ pipelineRef:
+ name: {{ template "helpers.labels.fullname" . }}-mergefailure
+ params:
+ - name: repoRoot
+ value: $(tt.params.repoRoot)
+ - name: project
+ value: $(tt.params.project)
+ - name: changeNumber
+ value: $(tt.params.changeNumber)
+ - name: patchSetNumber
+ value: $(tt.params.patchSetNumber)
+ - name: checkerUUID
+ value: $(tt.params.checkerUUID)
+ - name: pipelineName
+ value: $(tt.params.pipelineName)
+ - name: pipelineRunName
+ value: $(tt.params.pipelineRunName)
+ - name: pipelineRunNamespace
+ value: $(tt.params.pipelineRunNamespace)
+...
+{{- end -}}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerTemplate-mergeFailure" ) }}
\ No newline at end of file
diff --git a/charts/jarvis-system/templates/TriggerTemplate-mergeSuccess.yaml b/charts/jarvis-system/templates/TriggerTemplate-mergeSuccess.yaml
new file mode 100644
index 00000000..fb29fff5
--- /dev/null
+++ b/charts/jarvis-system/templates/TriggerTemplate-mergeSuccess.yaml
@@ -0,0 +1,45 @@
+{{- define "TriggerTemplate-mergeSuccess" -}}
+---
+apiVersion: triggers.tekton.dev/v1alpha1
+kind: TriggerTemplate
+metadata:
+ name: {{ template "helpers.labels.fullname" . }}-mergesuccess
+spec:
+ params:
+ - name: repoRoot
+ - name: project
+ - name: changeNumber
+ - name: patchSetNumber
+ - name: checkerUUID
+ - name: pipelineName
+ - name: pipelineRunName
+ - name: pipelineRunNamespace
+ resourcetemplates:
+ - apiVersion: tekton.dev/v1beta1
+ kind: PipelineRun
+ metadata:
+ generateName: {{ template "helpers.labels.fullname" . }}-mergesuccess-
+ spec:
+ serviceAccountName: jarvis-system-el
+ pipelineRef:
+ name: {{ template "helpers.labels.fullname" . }}-mergesuccess
+ params:
+ - name: repoRoot
+ value: $(tt.params.repoRoot)
+ - name: project
+ value: $(tt.params.project)
+ - name: changeNumber
+ value: $(tt.params.changeNumber)
+ - name: patchSetNumber
+ value: $(tt.params.patchSetNumber)
+ - name: checkerUUID
+ value: $(tt.params.checkerUUID)
+ - name: pipelineName
+ value: $(tt.params.pipelineName)
+ - name: pipelineRunName
+ value: $(tt.params.pipelineRunName)
+ - name: pipelineRunNamespace
+ value: $(tt.params.pipelineRunNamespace)
+...
+{{- end -}}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerTemplate-mergeSuccess" ) }}
\ No newline at end of file
diff --git a/tools/gate/jarvis/500-deploy-gerrit.sh b/tools/gate/jarvis/500-deploy-gerrit.sh
index 547443a6..85c2104d 100755
--- a/tools/gate/jarvis/500-deploy-gerrit.sh
+++ b/tools/gate/jarvis/500-deploy-gerrit.sh
@@ -161,36 +161,14 @@ function gerrit_bootstrap() { forgeCommitter = group Administrators forgeCommitter = group Project Owners push = group Administrators - push = group Project Owners submit = group Administrators - submit = group Project Owners - label-Code-Review = -2..+2 group Administrators - label-Code-Review = -2..+2 group Project Owners - label-Code-Review = -1..+1 group Registered Users - label-Verified = -1..+1 group Administrators - label-Verified = -1..+1 group Service Users - label-Verified = -1..+1 group Project Owners - label-Workflow = -1..+1 group Administrators - label-Workflow = -1..+1 group Service Users - label-Workflow = -1..+1 group Project Owners [access "refs/meta/config"] exclusiveGroupPermissions = read create = group Administrators push = group Administrators - push = group Project Owners read = group Administrators read = group Project Owners submit = group Administrators - submit = group Project Owners - label-Code-Review = -2..+2 group Administrators - label-Code-Review = -2..+2 group Project Owners - label-Code-Review = -1..+1 group Registered Users - label-Verified = -1..+1 group Administrators - label-Verified = -1..+1 group Service Users - label-Verified = -1..+1 group Project Owners - label-Workflow = -1..+1 group Administrators - label-Workflow = -1..+1 group Service Users - label-Workflow = -1..+1 group Project Owners [access "refs/tags/*"] create = group Administrators create = group Project Owners 
@@ -220,11 +198,26 @@ EOF git checkout meta/config rm project.config || true rm rules.pl || true + tee --append groups <<EOF +global:Project-Owners Project Owners +EOF tee project.config << EOF [access] inheritFrom = All-Projects [access "refs/*"] owner = group Administrators +[access "refs/heads/*"] + label-Code-Review = -2..+2 group Administrators + label-Code-Review = -2..+2 group Project Owners + label-Verified = -1..+1 group Administrators + label-Workflow = -1..+1 group Administrators + label-Workflow = -1..+1 group Project Owners +[access "refs/meta/config"] + label-Code-Review = -2..+2 group Administrators + label-Code-Review = -2..+2 group Project Owners + label-Verified = -1..+1 group Administrators + label-Workflow = -1..+1 group Administrators + label-Workflow = -1..+1 group Project Owners [label "Code-Review"] function = MaxWithBlock defaultValue = 0 
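Review bot: In the added `[access "refs/heads/*"]` block `label-Verified` is granted only to `group Administrators`, and the earlier hunk removes the All-Projects grant to `Service Users`, so the account that posts Verified votes would apparently have to be an administrator. If that is the account behind the `gerrit-netrc` secret mounted into the task pods, a narrower grant keeps that credential's reach small, e.g. `label-Verified = -1..+1 group Service Users` plus a matching `submit` line for that group. The hunk at `-287` additionally gives `Project Owners` the Verified range, which lets a human owner supply the vote the pipeline is meant to provide. gerrit_bootstrap continues outside these hunks, so which project each block configures is inferred.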
@@ -250,29 +243,30 @@ EOF value = +1 Approved EOF - tee rules.pl << EOF -sum_list([], 0). -sum_list([H | Rest], Sum) :- sum_list(Rest,Tmp), Sum is H + Tmp. - -add_category_min_score(In, Category, Min, P) :- - findall(2, gerrit:commit_label(label(Category,2),R),Z), - sum_list(Z, Sum), - Sum >= Min, !, - gerrit:commit_label(label(Category, V), U), - V >= 1, - !, - P = [label(Category,ok(U)) | In]. - -add_category_min_score(In, Category,Min,P) :- - P = [label(Category,need(Min)) | In]. - -submit_filter(In, Out) :- - In =.. [submit | Ls], - gerrit:remove_label(Ls,label('Code-Review',_),NoCR), - add_category_min_score(NoCR,'Code-Review', 4, Labels), - Out =.. [submit | Labels]. - -EOF +# TODO enable rules.pl once more LDAP users are registered +# tee rules.pl << EOF +#sum_list([], 0). +#sum_list([H | Rest], Sum) :- sum_list(Rest,Tmp), Sum is H + Tmp. +# +#add_category_min_score(In, Category, Min, P) :- +# findall(2, gerrit:commit_label(label(Category,2),R),Z), +# sum_list(Z, Sum), +# Sum >= Min, !, +# gerrit:commit_label(label(Category, V), U), +# V >= 1, +# !, +# P = [label(Category,ok(U)) | In]. +# +#add_category_min_score(In, Category,Min,P) :- +# P = [label(Category,need(Min)) | In]. +# +#submit_filter(In, Out) :- +# In =.. [submit | Ls], +# gerrit:remove_label(Ls,label('Code-Review',_),NoCR), +# add_category_min_score(NoCR,'Code-Review', 4, Labels), +# Out =.. [submit | Labels]. +# +#EOF git add . git commit -asm "Create Submission Rules" git push origin HEAD:refs/meta/config 
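Review bot: Commenting out the `tee rules.pl` heredoc while `rm rules.pl || true` and `git add .` stay in place removes the submit rule from `refs/meta/config`, so the Code-Review sum of 4 that `submit_filter` required is no longer enforced. This lands in the same commit that adds an automated submit on merge success, so a change may now need only what the `MaxWithBlock` labels require. If the relaxation is temporary, the TODO should name the condition and an owner, and the commit message `Create Submission Rules` no longer describes what is pushed. The hunk at `-310` makes the same change for the second project.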
@@ -287,11 +281,28 @@ EOF git checkout meta/config rm project.config || true rm rules.pl || true + tee --append groups <<EOF +global:Project-Owners Project Owners +EOF tee project.config << EOF [access] inheritFrom = All-Projects [access "refs/*"] owner = group Administrators +[access "refs/heads/*"] + label-Code-Review = -2..+2 group Administrators + label-Code-Review = -2..+2 group Project Owners + label-Verified = -1..+1 group Administrators + label-Verified = -1..+1 group Project Owners + label-Workflow = -1..+1 group Administrators + label-Workflow = -1..+1 group Project Owners +[access "refs/meta/config"] + label-Code-Review = -2..+2 group Administrators + label-Code-Review = -2..+2 group Project Owners + label-Verified = -1..+1 group Administrators + label-Verified = -1..+1 group Project Owners + label-Workflow = -1..+1 group Administrators + label-Workflow = -1..+1 group Project Owners [label "Code-Review"] function = MaxWithBlock defaultValue = 0 @@ -302,6 +313,13 @@ EOF value = 0 No score value = +1 Looks good to me, but someone else must approve value = +2 Looks good to me, approved +[label "Verified"] + function = MaxWithBlock + defaultValue = 0 + value = -1 Fails + value = 0 No score + value = +1 Verified + copyAllScoresIfNoCodeChange = true [label "Workflow"] function = MaxWithBlock defaultValue = 0 
@@ -310,29 +328,30 @@ EOF value = +1 Approved EOF - tee rules.pl << EOF -sum_list([], 0). -sum_list([H | Rest], Sum) :- sum_list(Rest,Tmp), Sum is H + Tmp. - -add_category_min_score(In, Category, Min, P) :- - findall(2, gerrit:commit_label(label(Category,2),R),Z), - sum_list(Z, Sum), - Sum >= Min, !, - gerrit:commit_label(label(Category, V), U), - V >= 1, - !, - P = [label(Category,ok(U)) | In]. - -add_category_min_score(In, Category,Min,P) :- - P = [label(Category,need(Min)) | In]. - -submit_filter(In, Out) :- - In =.. [submit | Ls], - gerrit:remove_label(Ls,label('Code-Review',_),NoCR), - add_category_min_score(NoCR,'Code-Review', 4, Labels), - Out =.. [submit | Labels]. - -EOF +# TODO enable rules.pl once more LDAP users are registered +# tee rules.pl << EOF +#sum_list([], 0). +#sum_list([H | Rest], Sum) :- sum_list(Rest,Tmp), Sum is H + Tmp. +# +#add_category_min_score(In, Category, Min, P) :- +# findall(2, gerrit:commit_label(label(Category,2),R),Z), +# sum_list(Z, Sum), +# Sum >= Min, !, +# gerrit:commit_label(label(Category, V), U), +# V >= 1, +# !, +# P = [label(Category,ok(U)) | In]. +# +#add_category_min_score(In, Category,Min,P) :- +# P = [label(Category,need(Min)) | In]. +# +#submit_filter(In, Out) :- +# In =.. [submit | Ls], +# gerrit:remove_label(Ls,label('Code-Review',_),NoCR), +# add_category_min_score(NoCR,'Code-Review', 4, Labels), +# Out =.. [submit | Labels]. +# +#EOF git add . git commit -asm "Create Submission Rules" git push origin HEAD:refs/meta/config diff --git a/tools/gate/jarvis/800-deploy-jarvis-projects.sh b/tools/gate/jarvis/800-deploy-jarvis-projects.sh index c77689a0..5676ad0f 100755 --- a/tools/gate/jarvis/800-deploy-jarvis-projects.sh +++ b/tools/gate/jarvis/800-deploy-jarvis-projects.sh 
@@ -105,36 +105,14 @@ for jarvis_project in `find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth timeout="120" end=$((end + timeout)) while true; do - if [ $voting_ci = "true" ]; - then - voting_ci="false" - # Check that Jarvis-System has reported the success of the pipeline run to Gerrit, by checking the value of the Verified label - VERIFIED="$(curl -L https://gerrit.jarvis.local/changes/${CHANGE_ID_COUNTER}/revisions/1/review/ | tail -1 | jq -r .labels.Verified.all[0].value)" - [ "$VERIFIED" == 1 ] && break || true - sleep 5 - now=$(date +%s) - if [ "$now" -gt "$end" ] ; then - echo "Jarvis-System has not verified the change" - exit 1 - fi - else - voting_ci="true" - # Ensure that the patchset doesn't have the Verified label available to it. - LABELS=$(curl -L https://gerrit.jarvis.local/changes/${CHANGE_ID_COUNTER}/revisions/1/review/ | tail -1 | jq -r .labels) - if [ -z "$LABELS" ]; then - # The curl request didn't give us the labels available to this revision, try again when Gerrit is ready - sleep 5 - continue - fi - VERIFIED_NULL="$( jq -r .Verified <<< "$LABELS" )" - if [ -z "$VERIFIED_NULL" ]; then - echo "Verified label found" - # Verified label should not be found, exit. - exit 1 - else - # Labels curl returned all the labels successfully, and Verified was not in the list. This is desired. - break - fi + # Check that Jarvis-System has reported the success of the pipeline run to Gerrit, by checking the value of the Verified label + VERIFIED="$(curl -L https://gerrit.jarvis.local/changes/${CHANGE_ID_COUNTER}/revisions/1/review/ | tail -1 | jq -r .labels.Verified.all[0].value)" + [ "$VERIFIED" == 1 ] && break || true + sleep 5 + now=$(date +%s) + if [ "$now" -gt "$end" ] ; then + echo "Jarvis-System has not verified the change" + exit 1 fi done CHANGE_ID_COUNTER=$((CHANGE_ID_COUNTER+1)) 
diff --git a/tools/gate/jarvis/development-pipeline/pipelinerun-create.yaml b/tools/gate/jarvis/development-pipeline/pipelinerun-create.yaml new file mode 100644 index 00000000..d4b11863 --- /dev/null +++ b/tools/gate/jarvis/development-pipeline/pipelinerun-create.yaml @@ -0,0 +1,24 @@ +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + generateName: development-pipeline-run +spec: + params: + - name: pipeline + value: "create" + pipelineRef: + name: development-pipeline + serviceAccountName: sa-development-pipeline + workspaces: + - name: k8s_cluster_data + configMap: + name: deployment-flow + - name: development_pipeline_data + volumeClaimTemplate: + spec: + storageClassName: standard + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/tools/gate/jarvis/development-pipeline/pipelinerun-validation.yaml b/tools/gate/jarvis/development-pipeline/pipelinerun-merge.yaml similarity index 90% rename from tools/gate/jarvis/development-pipeline/pipelinerun-validation.yaml rename to tools/gate/jarvis/development-pipeline/pipelinerun-merge.yaml index 3acb55ed..f98144c3 100644 --- a/tools/gate/jarvis/development-pipeline/pipelinerun-validation.yaml +++ b/tools/gate/jarvis/development-pipeline/pipelinerun-merge.yaml @@ -3,6 +3,9 @@ kind: PipelineRun metadata: generateName: development-pipeline-run spec: + params: + - name: pipeline + value: "merge" pipelineRef: name: development-pipeline serviceAccountName: sa-development-pipeline diff --git a/tools/gate/jarvis/development-pipeline/templates/pipeline.yaml b/tools/gate/jarvis/development-pipeline/templates/pipeline.yaml index 9138394a..f7292db1 100644 --- a/tools/gate/jarvis/development-pipeline/templates/pipeline.yaml +++ b/tools/gate/jarvis/development-pipeline/templates/pipeline.yaml @@ -4,6 +4,8 @@ metadata: name: development-pipeline namespace: {{ $.Release.Namespace }} spec: + params: + - name: pipeline workspaces: - name: k8s_cluster_data - name: development_pipeline_data 
@@ -108,6 +110,10 @@ spec: name: functional - name: microflow-promote-artifacts + when: + - input: $(params.pipeline) + operator: in + values: ["merge"] runAfter: - microflow-functional workspaces: